Legal

Privacy Policy

Effective May 30, 2026

1. Who We Are

TalentOracle (“we”, “us”) provides career trajectory underwriting software to employers and investment firms (“Customers”). This policy explains how we collect, use, and protect information when you use our platform.

2. Information We Collect

Resume & career data. Customers submit resume text on behalf of employees or candidates. This is processed by our pipeline and stored as structured output (skills, career sequence, trajectory scores). The raw resume text is retained only to support re-scoring and is never sold.

Account data. Name, work email, and organization name collected at sign-up via Clerk.

Usage data. Page views, API calls, and feature usage — used to improve the product and enforce plan limits. We do not use third-party ad trackers.

3. How We Use Data

  • To generate trajectory reports requested by the Customer.
  • To operate, maintain, and improve the platform.
  • To enforce plan limits and process billing via Stripe.
  • To send transactional notifications (report ready, at-risk alerts) if opted in.
  • To train and refine our models — but only on aggregated, de-identified signals. Individual resume text is never used as verbatim training data.

4. Legal Basis (GDPR)

Where GDPR applies, we process data under legitimate interests (providing contracted services), legal obligation, and, where required, explicit consent. Customers acting as data controllers are responsible for obtaining consent from the individuals whose resumes they submit.

5. Data Sharing

We do not sell personal data. We share data only with:

  • Anthropic— to process resume text through their API. Data is subject to Anthropic’s data usage policies; we use their API with data processing protections enabled.
  • Supabase — our database provider (EU-US Data Privacy Framework compliant).
  • Stripe— for payment processing. Billing data is governed by Stripe’s privacy policy.
  • Clerk — for authentication. Governs authentication data per their privacy policy.

6. Retention

Report data is retained for as long as the Customer’s account is active, plus 30 days after account closure. Customers may request earlier deletion at any time (see Section 8). Usage logs are purged after 90 days.

7. Security

All data is encrypted at rest and in transit (TLS 1.2+). Row-level security is enforced at the database layer — no Customer can access another Customer’s data. API keys are stored as SHA-256 hashes; plaintext keys are never persisted.

8. Your Rights

Customers (and individuals whose data is held) may request:

  • Export — a machine-readable copy of all data held for your organization via Settings → Data Export, or by emailing us.
  • Deletion — erasure of all reports and account data via Settings → Delete All Data, or by emailing us. Deletion completes within 30 days.
  • Correction — update inaccurate account information via Settings.
  • Portability & objection — as provided under GDPR/CCPA where applicable.

9. Predictions & Automated Decision-Making

TalentOracle reports are probabilistic and intended to inform — not replace — human judgment. They must not be used as the sole or primary basis for adverse employment decisions. We do not make automated decisions with legal or similarly significant effects without human review.

10. Contact

For privacy requests or questions: privacy@talentoracle.com